Thanks to Shay Levy for pointing me to the possibility to filter on the GroupType to get the authorative groups in Active Directory.
Here’s a function you can use to list the users that are a member of such a group:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

functionGet-ElevatedUsers{

$GroupTypes='-2147483643'

$ElevatedGroups=Get-ADGroup-Filter{grouptype-eq$GroupType}-Properties members

4 comments

Would you mind explaining a bit about what is considered an authorative group in AD and what they are used for ? I’m only familiar with authoritative restores and google also points me in that direction.